
A scalable post-quantum hash-based group signature

Published in Designs, Codes and Cryptography

Abstract

We present a construction for hash-based one-time group signature schemes, and develop a traceable post-quantum multi-time group signature upon it. A group signature scheme allows group members to anonymously sign a message on behalf of the entire group. The signatures are unforgeable, and the scheme enables authorized openers to trace a signature back to the original signer when needed. Our construction utilizes three nested layers to build the group signature scheme. The first layer performs the key-management task; it deploys a transversal design to assign keys to the group members and the openers, establishing anonymity and providing the construction with traceability. The second layer utilizes sets of hash values (hash pools) to build the group public verification key and to connect group members together. The final layer uses a post-quantum hash-based signature scheme, which adds unforgeability to our construction. We extend our scheme to multi-time signatures using Merkle trees and show that this process maintains the scalability property of Merkle-based signatures while supporting the group members signing any number of messages.


Notes

  1. In this paper, we mainly use \(\tau =2\).

  2. Or a group hash-based signature scheme where the secret-key set is the same for all members.

  3. We use \(\tau =2\) in our construction.

  4. Recall that \(\mathrm{TD}_{(4, 3)}\) represents 2-\(\mathrm{TD}_{(4, 3)}\).

  5. By using \(\tau \)-\(\mathrm{TD}_{(t,n)}\) instead of 2-\(\mathrm{TD}_{(t,n)}\), this argument is extendable to \(\tau \) openers, instead of two.

  6. Usually n and t are used instead of \(\eta \) and \(\mu \), respectively. However, n and t are already used as the parameters for transversal designs.

  7. We acknowledge that this is not the only possible data structure, and it is not necessarily optimized.

  8. \( B_u\) is the block that transversal design generates for user u.

  9. Usually s and t are used instead of \(\eta \) and \(\mu \), respectively. However, s and t are already used as other parameters in this paper.

  10. Recall that the GO tree signature itself consists of the t (k) signing elements for Winternitz (1-CFF) as described in GSIG\((\mathrm{Gsk}_u,M)\) in Algorithm 1 and the authentication path of each of them.

  11. Similar discussion holds for the 1-CFF-based signature constructions as well.

  12. Note that the strong unforgeability requires: \((M, \sigma _M) \ne (M_1, \sigma _{M_1})\).
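The transversal design used by the key-management layer, shown with an added example that is not the paper's own code: it builds the standard TD(n+1, n) over Z_n for prime n (so the TD(4,3) of note 4), checks the strength-2 transversal property, and, reading each block as a user's key-index set B_u in the sense of note 8, reports the largest overlap between two users' key sets. The affine construction and the reading of blocks as key sets are assumptions; the paper's actual assignment of blocks to members and openers is not reproduced.

```python
# Added example: the transversal design TD(4,3) named in the notes.
# Points are (group, element) pairs; a block is a transversal that meets every
# group in exactly one point. Construction (assumed, standard for prime n):
# groups 0..n-1 plus a group "inf"; block (a, b) is
#   {(i, a*i + b mod n) for i in 0..n-1} U {("inf", a)}.
from itertools import combinations

def transversal_design(n):
    """Return (groups, blocks) of a TD(n+1, n) for prime n; blocks are frozensets of points."""
    if n < 2 or any(n % d == 0 for d in range(2, int(n ** 0.5) + 1)):
        raise ValueError("n must be prime")
    groups = list(range(n)) + ["inf"]
    blocks = []
    for a in range(n):          # slope selects the point in the "inf" group
        for b in range(n):      # intercept
            pts = {(i, (a * i + b) % n) for i in range(n)}
            pts.add(("inf", a))
            blocks.append(frozenset(pts))
    return groups, blocks

def is_transversal_design(groups, blocks, n):
    """Strength-2 TD check: every block meets each group exactly once, and any
    two points from different groups lie together in exactly one block."""
    k = len(groups)
    for B in blocks:
        if len(B) != k or {g for g, _ in B} != set(groups):
            return False
    points = [(g, x) for g in groups for x in range(n)]
    for p, q in combinations(points, 2):
        if p[0] == q[0]:
            continue                      # same group: never in a common block
        if sum(1 for B in blocks if p in B and q in B) != 1:
            return False
    return True

def max_block_overlap(blocks):
    """Largest number of key points two distinct blocks B_u, B_v have in common.
    For a strength-2 TD this is at most 1, since two shared points from
    different groups would pin both blocks to the same unique block."""
    return max(len(B & C) for B, C in combinations(blocks, 2))

if __name__ == "__main__":
    groups, blocks = transversal_design(3)          # TD(4,3): 12 points, 9 blocks
    print(len(groups), len(blocks), is_transversal_design(groups, blocks, 3))
    print("max overlap of two users' key sets:", max_block_overlap(blocks))
```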


Acknowledgements

The authors would like to thank the reviewers and Doug Stinson for their valuable and constructive feedback. Also, thanks to Ian Goldberg, Rei Safavi-Naini, and Douglas Stebila for helpful discussions.

Corresponding author

Correspondence to Masoumeh Shafieinejad.

Additional information

Communicated by M. Paterson.


Cite this article

Shafieinejad, M., Esfahani, N.N. A scalable post-quantum hash-based group signature. Des. Codes Cryptogr. 89, 1061–1090 (2021). https://doi.org/10.1007/s10623-021-00857-9
